Scott L. Vernick was featured in The Wall Street Journal article, "Retailers Try To Keep Pace With Cybercriminals." Full text can be found in the January 28, 2014, issue, but a synopsis is noted below.
With Congress not expected to pass any significant legislation to help stem data breaches, it may be up to federal agencies and individual states to pass stricter rules. Private companies are also increasingly offering products to better protect consumers by giving companies more sophisticated tools.
Noted privacy attorney Scott L. Vernick said retailers should be aware of three areas where enforcement is increasing: What information are you keeping? How long are you keeping it? Who has access to it?
"What we tell our clients is, consistent with whatever their business model is, you shouldn't keep more data than you need, any longer than you need to, and you shouldn't have anyone having access to it other than those that need to," said Vernick, who spearheaded the creation of the recently released Data Breach 411 app, designed to help companies navigate varying state laws regarding breaches.
"You don't always find companies being mindful of either what they're storing and how long they're storing it. There may not be any regulatory requirements that they store it and they may not be aware of who has access to it."
While a personal data privacy bill has been introduced to Congress, Vernick said legislation on the federal level remains unlikely due to party divisions. At the same time, he said companies should expect individual states and the Federal Trade Commission to target organizations that they deem have inadequate security standards.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
